KEEP IN TOUCH
Subscribe to our mailing list to get free tips on Data Protection and Cybersecurity updates weekly!
We founded Asia’s first bug bounty platform and have been keeping Organisations, MNCs and SMEs all over the world safe from cyber attacks and data breaches.
Large organisations like A*Star Research, Marché, E27, MightyJaxx, AlphaWave, Wallex, The Law Society of Singapore trust us with their cyber security.
Not one of the companies we’re working with has suffered a data breach after engaging us.
Our pentesters are hall of famers who have ethically hacked the most secure systems in the world like Microsoft, Google, Facebook etc.
As there’s nothing our pentesters haven’t seen, we complete our VAPT within 7 days of project commencement!
We pride ourselves on being the best pen-testing provider in Singapore but are also 100% committed to being the most affordable.
If you find another licensed and registered penetration testing service provider that is cheaper than us, we’ll beat the price by 20%.
Annual VAPT is mandatory for all networks, mobile, and web apps that store personal data in databases. We believe businesses shouldn't have to pay extra to stay compliant and avoid penalties. If you find a lower price with another licensed VAPT service provider, for the same scope of work or more, we'll beat their price by 10%. Terms & Conditions apply.
We’re not just affordable — we’re trusted. None of our clients who used our VAPT services have ever been hacked, and we’re committed to keeping it that way. That’s why we offer a 1-Year Unlimited Revalidation Guarantee: unlimited revalidations for a full year after the initial test, at no extra cost. While others charge for revalidations, we don’t stop until your systems are completely secure. Because if we can’t help you stay protected, we don’t deserve your trust. Terms & Conditions apply.
Lian He Zao Bao
Channel 8
Interpol World
Overall findings summary
Itemised replicable steps/POC (Proof-of-concept)
Explanations
Common Vulnerability Scoring System (CVSS) risk rating
Vulnerability impact
Practical recommendations for remediation
What we found after penetration testing:
SQL Injection – An attacker can access and dump the whole database containing critical data using malicious SQL commands in user input fields.
Local File Inclusion (LFI) – An attacker can read sensitive files without any restriction by fooling the target system, gaining access to sensitive information, such as password files.
Stored Cross-Site Scripting (XSS) – An authenticated user can embed malicious JavaScript code in a page, which will be executed whenever any user accesses that page.
Malicious File Upload – An attacker can upload malicious executable files containing malicious content, like shell.php, to a computer system without any restriction, which might lead to remote code execution (RCE) attacks.
Broken Authorisation – An authenticated user can deactivate and delete job alerts of other users without any restriction.
Link Injection – Any authenticated user can embed malicious HTML tags, such as the hyperlink <a> tag, in a page, which may redirect users to a malicious website controlled by the attacker.
And many more
What we found after our penetration test:
Stored Cross-Site Scripting (XSS) – An authenticated user can embed malicious JavaScript code in a page, which will be executed whenever any user accesses that page.
Malicious File Upload – An attacker can upload malicious executable files containing malicious content to a computer system without any restriction, which might lead to other cyber-attacks such as insecure redirection, user account takeover, etc.
Host Header Injection – An attacker can redirect the users to a malicious web application controlled by the attacker and carry out various attacks such as session hijacking, malware download, etc.
HTML Injection – Any authenticated user can embed malicious HTML tags, such as the hyperlink <a> tag, in a page, which may redirect users to a malicious website controlled by the attacker.
And many more
🔴 Pinpoint the ideal security assessment for your project to ensure you only pay for what you truly need.
🔴 Review tailored sample reports to know exactly what to expect, ensuring actionable and understandable insights.
🔴 Secure an unbeatable deal with our exclusive price beat guarantee, offering you top-quality assessments at the best price in the market.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
© 2025 Privacy Ninja. All rights reserved